Tag Archives: ransomware




When I was in high school, a friend of mine had a poster on his wall that read, “Just because you’re paranoid doesn’t mean they aren’t out to get you.”

That pretty well summarizes how the world of cybersecurity and insurance works. Companies may feel paranoid for looking over their shoulder all the time, expecting something bad to happen, but we all know that there are plenty of bad guys out to find all the victims they can.

Ransomware, in particular, has become an enormous problem. A few years ago, hackers would make limited strikes and hit a few computers at a company, then demand $10,000 or maybe $20,000 to unlock them. Now, though, hackers have figured out ways to combine their specialized skills and make a much broader attack that includes finding and locking up the backup servers — which means the hackers have pretty much shut a company down and can make any ransom demand they want. Demands of $500,000 or more are common, and some reach into the many millions of dollars.

Insurance is surely part of the solution for most companies, but paranoia plays a role, too. Companies need to spend much more time focusing on how to prevent the cyber attacks in the first place, and the best insurance companies are using their expertise to help clients with that effort. New tools and techniques offer considerable hope.

Within that effort at prevention, there is room for an awful lot more cooperation. Law enforcement can work with insurers and company clients to educate them on trends and offer advice, and insurers and their clients can work together to share information on vulnerabilities and on potential solutions. As long as the bad guys are working together, the good guys need to, too.

– Paul Carroll, ITL’s Editor-in-Chief


The Alarming Surge in Ransomware Attacks

Insurers can help clients protect themselves – but preventive approaches aren’t yet widely implemented, leaving the door open for unscrupulous hackers. Join Michael Palotay, Chief Underwriting Officer for Tokio Marine HCC – Cyber & Professional Lines, and Paul Carroll as they continue their discussion on ransomware, cyber attacks, and how businesses can protect themselves.


CISOs, Risk Managers: Better Together

In most large firms, risk managers buy cyber insurance–but are rarely expert in network security and may not fully understand the risk profile.


Ransomware Grows More Pernicious

The emergence of the Maze variant creates a new threat, that stolen information will be released to the public on the internet.


How to Fight Rise in Cyber Criminals

IT security standards have sometimes been lowered or suspended for work at home in the pandemic, resulting in cyber security exposures.


New Enhancements for Cyber Coverage

Cyber insurance is probably the most rapidly evolving product on the market. Here are some of the newer enhancements.


How CAT Models Are Extending to Cyber

The approach to models used for natural catastrophes is being applied to cyber, leading to a quick maturation in understanding the risks.


How Machine Learning Halts Data Breaches

There are four main types of data breaches that advances in machine learning can help thwart.



Get to know this month’s FOCUS article authors:

Evan Bundschuh

Kelly Castriotta

Laurel Di Silvestro

Mark Greisiger

Charles Pruzinsky

Erica Sunarjo


Six Things Newsletter | April 13, 2021

Microsoft Just Raised the Bar

Paul Carroll, Editor-in-Chief of ITL

While insurance has been steadily improving communications with customers through gradual adoption of chatbots, Microsoft just put another big item on the industry’s technology to-do list: speech recognition.

Microsoft’s announcement on Monday that it is buying speech-recognition firm Nuance for $16 billion means that insurers will have to confront the technology — likely sooner than they had expected. Big Tech has already been getting consumers accustomed to having their speech understood by devices, mostly via Siri and Alexa, and the Microsoft purchase of Nuance will push speech recognition into many business transactions. All industries, including insurance, will have to react as Big Tech again raises the bar for what constitutes a reasonable customer experience.

So, it’s worth spending a minute thinking about what speech recognition will — and won’t — change in insurance…

Majesco Webinar

The pace of change has accelerated to hyper-speed, making digital insurance business models more important than ever. Learn what the Leaders are doing.



The Future of AI in Insurance
by Karin Golde

Organizations hoping to deploy artificial intelligence have to know what problems they’re solving — no vague questions allowed.


10 Ways to Prepare for the Hard Market
by Jeff Arnold

In soft markets, differentiation can be challenging. But hard markets present an opportunity for the best insurance professionals to stand apart.


Digital Revolution Reaches Underwriting
sponsored by Intellect SEEC

The digital revolution in insurance, which began in distribution and then spread to claims, has now reached underwriting in a big way.


How to Deliver the ROI From AI
by Monte Zweben

A technology has emerged that can harness AI across all departments of a business like never before. It’s called a feature store.


Benchmarks, Analytics Post-COVID
by Kimberly George and Mark Walls

The pandemic introduced several variables that question the validity of actuarial models and benchmarks.


The Key to the Future of Mobility
by Bill Powers

Telematics can help solve some of the insurance industry’s oldest problems, but, first, insurers must win the client’s trust.


Time to Start Over on Secondary Towing
by Rochelle Thielen

The current system for secondary towing is excruciating. The only reasonable solution is to start over from scratch.


Webinar :
The Alarming Surge in Ransomware Attacks

sponsored by Tokio Marine HCC – Cyber & Professional Lines Group



April’s Topic: Agents & Brokers

Mark Twain reportedly once responded to a rumor of a serious illness by saying, “Rumors of my death have been greatly exaggerated.”  Insurance agents and brokers could have said the same thing over the past decade and will likely be parrying those rumors for years to come.

There’s no doubt that agents & brokers inhabit a world going digital and not every agent will migrate easily into the ever-more-digital world, but those who do will find the work more rewarding, both for themselves and for their ever-more-loyal clients.


The Alarming Surge in Ransomware Attacks

Insurers can help clients protect themselves – but preventive approaches aren’t yet widely implemented, leaving the door open for unscrupulous hackers

Ransomware and business email compromise (BEC) attacks are soaring, and ransom demands have gone from an average of $10,000 to well north of $100,000 – demands sometimes reach the tens of millions of dollars. In this interview, we discuss what is causing the surge – and what businesses can do to protect themselves. 

This webinar will discuss:

  • Insights from Michael Palotay, Chief Underwriting Officer for Tokio Marine HCC – Cyber and Professional Lines Group, on the evolution of cyber threats

  • How ransomware and business email compromise attacks harm companies and how cyber insurance is not enough protection

  • What today’s businesses can do to protect themselves


Michael Palotay

Chief Underwriting Officer
Tokio Marine HCC – Cyber & Professional Lines Group

Michael Palotay started his career at AIG in 2006 as a Tech E&O and Cyber Liability Underwriter.  In 2009, he joined NAS Insurance to lead their new Tech/Cyber underwriting facility. Over the next 10 years, his team grew to over 36 underwriters, writing over $130M in premium and consistently delivered impressive underwriting profitability.  When Tokio Marine HCC acquired NAS Insurance, Michael was the Chief Underwriting Officer, focusing on maximizing underwriting profitability, product development and overall business development.  He has continued in this role within the Cyber & Professional Lines group at Tokio Marine HCC.

Paul Carroll

Insurance Thought Leadership

Paul is the co-author of “The New Killer Apps: How Large Companies Can Out-Innovate Start-Ups” and “Billion Dollar Lessons: What You Can Learn From the Most Inexcusable Business Failures of the Last 25 Years” and the author of “Big Blues: The Unmaking of IBM”, a major best-seller published in 1993. Paul spent 17 years at the Wall Street Journal as an editor and reporter. The paper nominated him twice for Pulitzer Prizes. In 1996, he founded Context, a thought-leadership magazine on the strategic importance of information technology that was a finalist for the National Magazine Award for General Excellence. He is a co-founder of the Devil’s Advocate Group consulting firm.

How to Combat the Surge in Ransomware

The threat of a cyber-attack is far more dangerous now than it has been in the past, yet the threat prevention systems necessary to protect oneself remain widely unknown.

Ransomware, in particular, has exploded as a problem. The frequency of such attacks is up almost 200% in the past two years. Severity is up, too — the average ransom demand has surged from roughly $10,000 to well north of $100,000. Combine those two issues, and ransomware is many times as big a problem for clients and insurers as it was two years ago. 

Unless companies create more sophisticated protection systems, the problem will become even worse. Hackers are more astute, increasingly have access to inexpensive tools and have greatly expanded how and what they attack. There are even ransomware developers who sell or lease their ransomware, offering Ransomware-as-a-Service (RaaS).

In the past, attacks were relatively limited. When an employee clicked on an attachment that included a virus, the attack would encrypt the computer. There was minimal ability to spread to other computers, and individual computers were oftentimes backed up. This meant ransomware was frequently seen as just an inconvenience for a company and wasn’t as significant an issue for insurers as it is today.

Now, attackers use their initial entry into a computer as the starting point to work their way into a potentially huge network. The hackers lay traps and can generally find how and where the system’s sensitive information and backup server are located. With this information, the hacker can ensure that paying the ransom is the only way for a company to recover. An attack is often so devastating that the hackers can — and will — ask for exorbitant ransoms.

Tools for hackers are now inexpensive on the dark web, and hacker groups often coordinate. Perhaps one individual finds some credentials that allow a path into a system but isn’t sure how to exploit it. The person might sell the credentials on the dark web or hire some hacker known to be especially good at exploring and exploiting that kind of system; this is RaaS.

While some industries were considered to be relatively low-risk, that’s no longer the case. For instance, a few years ago, manufacturers were considered a target class for cyber insurance carriers because they were unlikely to store personal information, like credit card records. But now, they’re getting hit the hardest: Manufacturers are typically large companies with underdeveloped cyber security capabilities. Hackers would use this to their advantage and exploit these companies, which weren’t prepared for the onslaught of ransomware attacks. 

Within the Tokio Marine HCC – Cyber & Professional Lines Group, we’ve been working with thousands of policyholders to better prepare them for attacks, and people understand the problem conceptually. Cyber is a serious consideration at the executive level and mandatory for business continuity and disaster recovery planning. The recent SolarWinds attack has reminded us all that even the best-protected government and business systems are vulnerable. 

Based on simulations of attacks, we know that approximately 30% of those who receive a phishing email will click on a link that infects their system. Thorough training of staff on awareness and best practices reduces the number who fall for a phishing attack. With proper training, we’ve seen a reduction in exposure, whereby only 10% of employees fall for the trick when a hacker attacks; but that can still be enough for a catastrophe to happen, like the SolarWinds incident.  

Training should be mandatory, but it shouldn’t be the only layer of defense for the network. Perimeter defense, secure backups and patch management are all critical. At present, Tokio Marine HCC provides a vulnerability scanning service for policyholders, which provides insights on vulnerable points of entry for hackers, including security vulnerabilities in policyholders’ perimeter and out-of-date software, to help the insured avoid becoming a victim. 

To combat weak passwords, many companies are starting to require multi-factor authentication to safeguard access to their system. A person must use an alternate means to authenticate themselves through a code texted to a smartphone, provide biometric evidence of their identity through something such as an iris scan or verify their identity via another secondary means. This dramatically reduces the risk that a compromised password leads to a devastating attack.

Companies are moving toward a “zero trust” model to protect their systems. The idea behind this emerging model is to have virtual “hall monitors” to challenge every actor in the system and force that actor to revalidate itself before going into an additional “room.” In the past, companies would use a firewall to keep hackers out, but once hackers get past the wall they virtually have access to any “hall” in the network. 

Companies should also be thinking about their outsourcing arrangements. Outsourcing can be cost-efficient, but if you have a 1,000-person company and only have three full-time people in IT, you’re likely to be using outside contractors. Issues may arise with disagreements regarding who is responsible for patching systems or monitoring the network for suspicious activity. Furthermore, Managed Service Providers (MSPs) are being targeted by hackers and, if the hackers gain unauthorized access, are being used to launch ransomware attacks against their clients.

At Tokio Marine HCC – Cyber & Professional Lines Group, we apply our expertise and use our scale to make deals on behalf of clients to create a package of security services from leading providers. These packages involve, for instance, CrowdStrike, which provides endpoint detection security; Cisco’s Duo, a leading service provider of multi-factor authentication; and many others. We provide the bundling of these services at a discount off the market price, as well as with a discount on premiums, because, based on our data, we’re confident that our clients are less vulnerable with solutions such as these. 

However achieved, reducing vulnerability helps both our company and our clients. We view this as a mutual relationship. If we can keep our claims costs as low as possible, our premiums can be as low as possible. However, it is critical for our insureds to focus on cyber security, so they are not an easy target for hackers. Whether a company has insurance or not, an attack is hugely disruptive, and, although we can transfer some of the financial costs, we can’t transfer everything. For instance, companies oftentimes still have to deal with being shut down for a stretch of time, while they hopefully recover their data and ramp back up.

Minimizing exposure to an attack is possible, but a company must invest in layers of network defenses, training and maintenance to stay ahead. Having the right insurance policy can protect you from the financial burden, but the reputational harm or missed opportunities that result from a cyber-attack can be very costly.  

If you are unable to reduce your vulnerability, the problem could spiral out of control. Insurers will need to keep raising rates rapidly or will simply drop out of the market — supply is already dwindling. Clients may find rates so high that they will self-insure — at great risk.  

At Tokio Marine HCC – Cyber & Professional Lines Group, we’re committed to the market, and demand for the insurance has never been greater. Our focus is staying on top of loss trends so we can help our clients continue to reduce risks and keep the problem manageable for all.

For more information about the Cyber & Professional Lines Group, please visit www.tmhcc.com/pro

Surging Costs of Cyber Claims

External attacks on companies result in the most expensive cyber insurance losses, but employee mistakes and technical problems are the most frequent generator of claims by number, according to a new report from Allianz Global Corporate & Specialty, Managing The Impact Of Increasing Interconnectivity – Trends In Cyber Risk. The study analyzes 1,736 cyber-related insurance claims valued at $770 million involving AGCS and other insurers from 2015 to 2020.

The number of cyber insurance claims AGCS has been notified of has steadily risen over the last few years, up from 77 in 2016, when cyber was a relatively new line of insurance, to 809 in 2019. In 2020, AGCS has already seen 770 claims in the first three quarters. This steady increase in claims has been driven, in part, by the growth of the global cyber insurance market, which is currently estimated to be $7 billion, according to Munich Re.

AGCS started offering cyber insurance in 2013 and, in 2019, generated more than EUR 100 million in gross written premium in this segment. There has been a 70%-plus increase in the average cost of cybercrime to an organization over five years to $13 million and a 60%-plus increase in the average number of security breaches.

Losses resulting from external incidents, such as distributed denial of service (DDoS) attacks or phishing and malware/ransomware campaigns, account for the majority of the value of claims analyzed (85%), according to the report, followed by malicious internal actions (9%) – which are infrequent but can be costly. Accidental internal incidents, such as employee errors while undertaking daily responsibilities, IT or platform outages, systems and software migration problems or loss of data, account for over half of cyber claims analyzed by number (54%), but, often, the financial impact of these is limited compared with cybercrime. However, losses can quickly escalate in the case of more serious incidents.

The cyber risk environment is not expected to become any easier in the future. Businesses and insurers are facing a number of challenges, such as the prospect of more expensive business interruptions, the rising frequency of ransomware incidents, more costly consequences of larger data breaches given more robust regulation and litigation, and the impact from the playing out of political differences in cyber space through state-sponsored attacks. 

The huge rise in remote working due to the coronavirus pandemic is also an issue. Displaced workforces create opportunities for cyber criminals to gain access to networks and sensitive information. Malware and ransomware incidents are already reported to have increased by more than a third since the start of 2020, while coronavirus-themed online scams and phishing campaigns about the pandemic continue. At the same time, the potential impact from human error or technical failure incidents may also be heightened. 

While exposures are rising, the COVID-19 outbreak cannot yet be said to be a direct cause of cyber-related claims. AGCS has seen the first few cyber claims that can be indirectly attributed to the COVID-19 landscape, including ransomware attacks that can be linked to the shift to more remote working. However, it’s too early to confirm a broader trend.


Ransomware threats surge

Already high in frequency, ransomware incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. There were nearly half a million ransomware incidents reported globally last year, costing organizations at least $6.3 billion in ransom demands alone. Total costs associated with dealing with these incidents are estimated to be well in excess of $100 billion.

Business interruption and digital supply chain vulnerability growing

Business interruption (BI) following a cyber incident has become a major concern for business. Analysis of cyber claims by AGCS shows that BI is the main cost driver in the majority of cases. Whether ransomware, human error or a technical fault, the loss of critical systems or data can bring an organization to its knees in today’s digitalized economy. 

Dependency on digital supply chains – both for the delivery of services and the supply of goods – brings numerous benefits. Shared technology-based platforms enable data to be exchanged between parties, automate administrative tasks and transport products on demand. However, such platforms can potentially create a chain reaction ensuring a BI cascades through a whole sector. If a platform is unavailable due to a technical glitch or cyber event, it could bring large BI losses for multiple companies that all rely on and share the same system.

Data breaches and state-sponsored attacks

The cost of dealing with a large data breach is rising as IT systems and cyber events become more complex, and with the growth in cloud and third-party services. Data privacy regulation, which has recently been tightened in many countries, is also a key factor driving cost, as are growing third-party liability and the prospect of class action litigation. So-called mega data breaches (involving more than one million records) are more frequent and expensive, now costing $50 million on average, up 20% over 2019.

In addition, the impact of the increasing involvement of nation states in cyber-attacks is a growing concern. Major events like elections and COVID-19 present significant opportunities. During 2020, Google said it has had to block over 11,000 government-sponsored potential cyber-attacks per quarter. Recent years have seen critical infrastructure, such as ports and terminals and oil and gas installations, hit by cyber-attacks and ransomware campaigns.

Prepare, practice and prevent

Preparation and training of employees can significantly reduce the consequences of a cyber event, especially in phishing and business email compromise schemes, which can often involve human error. It can also help mitigate ransomware attacks, although maintaining secure backups can limit damage. Cross-sector exchange and cooperation among companies is also key when it comes to defying highly commercially organized cybercrime, developing joint security standards and improving cyber resilience. 


The COVID-19 landscape brings new challenges. With home-working widespread, security around access and authentication points is critical, but organizations should also ensure there is sufficient network capacity as this can have a significant impact on lost income if there is an outage. 
